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DETAILED ACTION 

Response to Amendment 

1 . This action is in response to the amendment received on February 16, 2005. 
Claims 1 -23 were originally received for consideration. Per the received amendment, 
claims 1 ,2,4,6-23 are amended, and claims 3 and 5 are cancelled. Claims 1 ,2,4, and 6- 
23 are currently being considered. 



Response to Arguments 

2. The applicant's argument received on February 16, 2005 were considered but 
were not persuasive for the following reasons: 

Regarding amended independent claims land 13, the applicant argues that the 
cited prior art (CPA), Lirov et al. (U.S. Patent No. 6,758,810), does not disclose "a 
private identity generator for generating a unique private identity for the individual 
independent of the identity information." This argument is not found persuasive. The 
CPA discloses that each user (patient) has an associated private key (private identity) 
which is independent of the identity information (column 5 lines 4-13). Each of these 
private keys (private identities) are encrypted and stored in a database. Therefore it is 
believed that the private identity is disclosed in the CPA by the virtue of the private keys 
individually generated for each user (patient). Furthermore, the applicant argues that 
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the CPA does not teach "a means for employing the private identity as a relational link 
key for relating medical data associated with the individual to the encryption key 
associated with the individual." This argument is not found persuasive. The CPA 
disclose that the medical information is encrypted using a user's public key (encryption 
key associated with the individual) (column 5 lines 53-67). The private key (private 
identity) is then used to decrypt the sensitive medical data and retrieve the medical 
information (column 5 lines 65-67). Therefore, the medical information is related to the 
private key (private identity), as the private key (private identity) is the only means to 
retrieve the encrypted user medical information. 

The rejection for the claims 1 ,2,4, and 6-23 are maintained as given below. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

3. Claims 1 ,2,4, and 6-23 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Lirov et al. (U.S. Patent 6,785,810). 
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Regarding claim 1 , Lirov discloses: 

A system for securely storing medical data, comprising: 

an input process allowing an individual to enter identity information and medical 
data to associate with the identity information and including a private identity generator 
for generating a unique private identity for the individual independent of the identity 
information (column 4 line 62 - column 5 line 13, column 9 line 62 - column 10 line 4); 

an encryption key process for providing to each individual an encryption key for 
encrypting medical data associated with the individual (column 5 line 4 - column 6 line 
38); and 

a data table generator for storing medical data including encrypted medical data, 
in a table, whereby stored medical data from different individuals may be encrypted with 
different encryption keys (Figure 1a item 105, column 5 lines 53 - column 6 line 11). 

Regarding claim 13, Lirov discloses: 

A system for storing medical data, comprising: 

an input process for allowing an individual to enter identity information and 
medical data to associate with the identity information (column 4 line 62 - column 5 line 
3, column 9 line 62 - column 10 line 4); 

a private identity generator for generating a unique private identity for the 
individual independent of the identity information (column 5 line 4 - column 6 line 38); 

a unique private identity for the individual (column 5 line 4 - column 6 line 38); 
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an encryption key process for providing to the individual a respective encryption 
key for encrypting the medical data of the individual (column 5 line 4 - column 6 line 
38); 

a relational link generator for providing relational links for the medical data and 
the encryption key associated with the individual, whereby the medical data and 
encryption key can be stored in a table of a relational database (Figure 1a item 105, 
column 5 lines 53 - column 6 line 11). 

Regarding claim 18, Lirov discloses: 

A process for controlling access to medical data, comprising: 

allowing an individual to provide medical data and identity information (column 4 
line 62 - column 5 line 3, column 9 line 62 - column 10 line 4); 

providing the individual with a private identity independent of the identity 
information and storing the medical data and identity information in tables of a relational 
database employing the private identity to provide a relational link to the medical and 
identity data (Figure 1a item 105, column 5 line 4 - column 6 line 38); 

employing the private identity to create an encryption key for the respective 
individual (column 5 line 4 - column 6 line 38); and 

encrypting, as a function of the encrypting key, medical data associated with the 
individual, whereby medical data of different individuals are encrypted with different 
respective encryption keys (column 5 line 4 - column 6 line 38). 



Application/Control Number: 09/939,200 Page 6 

Art Unit: 2131 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Lirov discloses: 

A system according to claim 1 , further comprising a key table generator for 
storing the encryption key in a key table (Figure 1a item 115, column 5 lines 4 - 33). 

Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, Lirov 
discloses: 

A system according to claim 13, wherein the relational link generator includes an 
encryption process for encrypting a relational link for accessing medical and/or the 
encryption key (column 5 lines 4-6, column 6 lines 12 - 27). 

Claim 15 is rejected as applied above in rejecting claim 13. Furthermore, Lirov 
discloses: 

A system according to claim 13, wherein the relational link generator includes a 
hash process for generating a relational link as a hash function of the private identity 
(column 5 lines 27 - 33, column 5 lines 12 - 27). 

Claim 16 is rejected as applied above in rejecting claim 13. Furthermore, Lirov 
discloses: 

. A system according to claim 13, wherein the private identity generator includes a 
random number generator for generating the private identity as a function of a random 
number (column 5 line 4 - column 6 line 38). 



Application/Control Number: 09/939,200 Page 7 

Art Unit: 2131 

Claim 19 is rejected as applied above in rejecting claim 18. Furthermore, Lirov 
discloses: 

A process according to claim 18, further comprising: 
allowing a medical professional to search the relational database to identify 
medical data of interest.(column 6 lines 18-38, column 7 lines 54 - 65). 

Claim 20 is rejected as applied above in rejecting claim 18. Furthermore, Lirov 
discloses: 

A process according to claim 1 8, further comprising: 

allowing a medical professional to request identity information associated with 
medical data in the relational data base, and employing the private identity to notify the 
respective individual of the request (column 6 lines 18-38, column 7 lines 54 - 65). 

Claim 21 is rejected as applied above in rejecting claim 18. Furthermore, Lirov 
discloses: 

A process according to claim 18, further comprising: 
allowing the individual to control access to. the medical data of the individual 
(Table 1 , column 4 lines 10-21). 

Claim 22 is rejected as applied above in rejecting claim 18. Furthermore, Lirov 
discloses: 

A process according to claim 1 8, further comprising: 
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allowing the individual to store portions of the medical data in the dear and 
portions in an encrypted form (column 4 line 62 - column 5 line 3). 

Claim 4 is rejected as applied above in rejecting claim 1 . Furthermore, Lirov discloses: 
A system according to claim 1 , wherein the private identity generator includes a 
random number generator for generating a random number for the private identity 
(column 5 line 4 - column 6 line 38). 

Claim 6 is rejected as applied above in rejecting claim 1 . Furthermore, Lirov discloses: 
A system according to claim 1 , further including: 

means for employing the private identity as a relational link key for relating 
medical data associated with the individual to the encryption key associated with the 
individual (column 5 lines 4-6, column 6 lines 12 - 27). 

Claim 7 is rejected as applied above in rejecting claim 1 . Furthermore, Lirov discloses: 
A system according to claim 1, wherein the encryption key process includes: 
a process for generating the encryption key as a function of the private identity 

(column 5 line 4 - column 6 line 38). 



Claim 8 is rejected as applied above in rejecting claim 1. Furthermore, Lirov discloses: 
A system according to claim 1 wherein the encryption key process includes: 



Application/Control Number: 09/939,200 Page 9 

Art Unit: 2131 

a process for generating the encryption key as an asymmetric function of the 
private identity (column 5 line 4 - column 6 line 38). 

Claim 9 is rejected as applied above in rejecting claim 1 . Furthermore, Lirov discloses: 
A system according to claim 1 wherein the encryption key process includes: 
a process for generating the encryption key as a symmetric function of the 

private identity (column 5 line 4 - column 6 line 38). 

Claim 10 is rejected as applied above in rejecting claim 2. Furthermore, Lirov discloses: 
A system according to claim 2, further including: 

a table encryption process for encrypting the key table to secure the encryption 
key stored therein (column 5 lines 4-13). 

Claim 1 1 is rejected as applied above in rejecting claim 1 . Furthermore, Lirov discloses: 

A system according to claim 1 , further comprising: 

a relational link generator for processing the private identity to generate a 
relational link for associating medical data in the data table with a respective private 
identity (column 5 lines 4-6, column 6 lines 12 - 27). 

Claim 12 is rejected as applied above in rejecting claim 11. Furthermore, Lirov 
discloses: 
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A system according to claim 11, wherein the relational link generator includes a 
process for processing the private identity selected from the group consisting of a 
symmetric key algorithm, an asymmetric key algorithm, an asymmetric key algorithm, 
and a hash algorithm (column 5 line 4 - column 6 line 38). 

Claim 17 is rejected as applied above in rejecting claim 16. Furthermore, Lirov 
discloses: 

A system according to claim 16, wherein the relational link generator includes a 
process for encrypting the private identity to provide an encrypted relational link (column 
5 lines 4- 13). 

Claim 23 is rejected as applied above in rejecting claim 22. Furthermore, Lirov 
discloses: 

A process according to claim 22, comprising: 

allowing a medical professional to search the relational database (Table 1, 
column 4 lines 10-21, column 6 lines 1 8 - 38, column 7 lines 54 - 65). 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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